[EMAIL PROTECTED] wrote:

 > [..]
 > - Specify _some_ message contents
 >
 > This is what syslog does today. Facility and Severity are specified. The
 > rest is implementation specific. I would, at a minimum, add originating
 > system time to this list. I like this option the best, and we can have lots
 > of arguments about what is specified, what is mandatory, what is
 > optional... :)

IMO...a log entry needs the following meta-data:

    * Facility
         o A string, not a number!
    * Severity
    * Identifier for the originating system
         o DNS name, IP, whatever
    * Authenticator for the originating system and the data contents
         o Something like a hash of the message encrypted with the
           originating system's private key

Whether systems always populate the authentication field and what receiving
systems do with log entries with no authentication field or with data that's
inauthentic is up to the implementation, but it needs to be there for people
who need authenticated logs.

--
Chris Calabrese
Internet Infrastructure and Security
Merck-Medco Managed Care, L.L.C.
[EMAIL PROTECTED]
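
The metadata fields and receiver-side handling described in the message above, as an added example that is not part of the original message. It assumes an Ed25519 signature as the authenticator; the field names, the length-prefixed encoding, the key map and the host names are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Entry holds the metadata fields proposed in the message above.
type Entry struct {
	Facility string // a string, not a number
	Severity int
	Origin   string // DNS name, IP, ...
	Message  string
	Auth     []byte // signature over the other fields; may be absent
}

// canonical length-prefixes every field so bytes cannot move between fields unnoticed.
func (e Entry) canonical() []byte {
	var b []byte
	for _, f := range []string{e.Facility, fmt.Sprint(e.Severity), e.Origin, e.Message} {
		b = append(b, fmt.Sprintf("%d:%s,", len(f), f)...)
	}
	return b
}

// Check is the receiver side. keys maps origin identifiers to trusted public keys.
func Check(e Entry, keys map[string]ed25519.PublicKey) string {
	if len(e.Auth) == 0 {
		return "unsigned" // what to do with these is left to the implementation
	}
	if pub, ok := keys[e.Origin]; ok && ed25519.Verify(pub, e.canonical(), e.Auth) {
		return "authentic"
	}
	return "inauthentic"
}

// Demo signs one constructed entry and classifies four variants of it.
func Demo() [4]string {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	keys := map[string]ed25519.PublicKey{"host1.example.com": pub}
	e := Entry{Facility: "auth", Severity: 4, Origin: "host1.example.com", Message: "login failed for root"}
	e.Auth = ed25519.Sign(priv, e.canonical())
	bare, edited, spoofed := e, e, e
	bare.Auth = nil                      // sender did not populate the field
	edited.Message = "login ok for root" // contents changed after signing
	spoofed.Origin = "host2.example.com" // origin with no trusted key
	return [4]string{Check(e, keys), Check(bare, keys), Check(edited, keys), Check(spoofed, keys)}
}

func main() { fmt.Println(Demo()) }
```

Because the origin identifier is inside the signed bytes, an entry cannot be re-attributed to another host without failing verification.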